Data Loss Prevention (DLP) is an area of computer and information security in which DLP systems identify, monitor, and protect data in use (e.g., endpoint actions), data in motion (e.g., network actions), and data at rest (e.g., data storage). DLP systems may be deployed at user endpoint devices, network servers, etc. to inspect information content. DLP systems are designed to detect and prevent the unauthorized use and transmission of confidential information.
Client computer systems and devices, such as personal computers, laptop computers, personal digital assistants, smart phones, etc., are prolific in modern organizations. Often these systems include applications that allow users to create and edit documents, spreadsheets, presentations, databases, etc., which are referred to collectively as “documents.” These systems also increasingly include the capability to transfer the documents, as well as other sensitive data, to other systems.
DLP systems that are employed at endpoint devices, to prevent the unwanted or unintended transmission of sensitive information, are usually lightweight applications due to the limited resources of the endpoint device (e.g., limitations resulting from a CPU, memory, disk size, processing speed, etc.). To achieve high accuracy in detecting sensitive documents in this resource-limited environment, training of the application is typically required. However, if this training is only performed in advance of deployment on an endpoint system, false positive and false negative DLP decisions for new information content may result. To rectify an overabundance of false DLP decisions, some endpoint DLP applications may be retrained. However, retraining an endpoint DLP system involves human interaction, which is costly, time-consuming, and highly inefficient.